### Authorization & Access Control
-Upon successful authentication, an authentication context is created and is available for access via the OSGi service `org.opendaylight.aaa.api.AuthenticationService`. The authentication context consists of the following information:
-
-* UserId/Name
-* DomainId/Name
-* Roles
-
-Based on the current authentication context, it is the responsibility of the OSGi applications within the controller to provide the appropriate access control, via bespoke logic or the MD-SAL security framework.
+Authorization is implemented via the aaa-authz modules, comprising of a yang based AuthZ policy schema, an MD-SAL AuthZ capable broker, an AuthZ
+service engine invoked by the broker and executing policies.
+
+Initially the AuthZ functionality is only able to handle RestConf requests, and to do so the Restconf connnector configuration must
+ be explicitly modified as follows:
+
+ 0. Compile as per the above instructions
+ 1. If you have already run ODL with Restconf or the mdsal-all feature package under karaf, then proceed as per below. Alternatively skip to step 2.
+ 1a. consider deleting the assembly/data directory in your karaf install. This will require the re-activation of features at karaf startup.
+ 1b. Delete the default restconf connector configuration file: "rm assembly/etc/opendaylight/karaf/10-rest-connector.xml"
+ 2. Start karaf and install the odl-aaa-all feature as per the previous instructions
+ 3. Start the odl-restconf feature via the command "feature:install odl-resctonf". An alternative can also be feature:install odl-mdsal-all
+
+To unistall authz:
+1. Unistall the feature via "feature:uninstall feature:odl-aaa-authz"
+2. Either:
+2a. Locate and open in an editor the default 10-rest-connector.xml configuration file in assembly/etc/opendaylight/karaf/.
+ 2. Change the <dom-broker> configuration element
+ FROM:
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>authz-connector-default</name>
+ </dom-broker>
+ TO:
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>dom-broker</name>
+ </dom-broker>
+OR:
+2b. Reinstall resctonf via the command "feature:install odl-resctonf"
+
+Legacy instructions for activating Authz in non karaf based ODL runtimes:
+ 0. Build aaa project and copy all generated aaa jars to the plugins directory of your odl target install
+ 1. Locate and open in an editor the default 10-rest-connector.xml configuration file. Default location is at 'configuration/initial'
+ 2. Change the <dom-broker> configuration element
+ FROM:
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>dom-broker</name>
+ </dom-broker>
+ TO:
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>authz-connector-default</name>
+ </dom-broker>
+ 3. Restart ODL
+
+Default authorization are loaded from the configuration subsystem (TODO: Provide a default set)
+They are accessible and editable via the restconf interface at: http://<odl address>/restconf/configuration/authorization-schema:simple-authorization/
+
+The schema for policies is a list consisting of the following items:
+
+ * Service : The application service that is the initiator of the request triggering an authorization check, eg Restconf.
+ NOTE: The service field is currently not enforced, and a wildcard "*" is recommended.
+ * Action: The action that is being authorized. Maps to one of: { create; read; update; delete; execute; subscribe; any }
+ * Resource: The URI or Yang instance id of the resource, including wildcards (see examples below)
+ * Role: The AuthN derived user role
+
+Some examples of resources are
+ Data : /operational/opendaylight-inventory:nodes/node/openflow:1/node-connector/openflow:1:1
+ Wildcarded data: /configuration/opendaylight-inventory:nodes/node/*/node-connector/*
+ RPC: /operations/example-ops:reboot
+ Wildcarded RPC: /operations/example-ops:*
+ Notification: /notifications/example-ops:startup
*More on MD-SAL authorization later...*
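Review bot: the install command in steps 3 and 2b spells the feature "odl-resctonf", so `feature:install odl-resctonf` as documented will not resolve to the odl-restconf feature named in the same sentence; correct both occurrences. The uninstall command `feature:uninstall feature:odl-aaa-authz` also repeats the `feature:` prefix inside the feature name, and the uninstall list places a sub-step "2." under "2a.", which makes the 2a/2b alternatives hard to follow. Since the text says the Service field is not enforced and the default policy set is still a TODO, please also state what the broker does with a request that matches no policy entry.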
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>aaa-authz</artifactId>
+ <groupId>org.opendaylight.aaa</groupId>
+ <version>0.1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>authz-service-config</artifactId>
+ <description>AuthZ Service Configuration files </description>
+ <packaging>jar</packaging>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-artifacts</id>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <phase>package</phase>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>${project.build.directory}/classes/initial/${config.authz.service.configfile}</file>
+ <type>xml</type>
+ <classifier>config</classifier>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
\ No newline at end of file
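Review bot: `${config.authz.service.configfile}` in the `<file>` element is not defined anywhere in this pom, so the attach-artifact execution only works if the aaa-authz parent sets it; define it here or add a comment saying where it comes from. The file also has no EPL header, unlike the aaa-authz-service pom in this patch, and ends without a trailing newline.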
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- vi: set et smarttab sw=4 tabstop=4: -->
+<!--
+ Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+<snapshot>
+ <configuration>
+ <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
+ <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
+
+ <!-- defines an implementation module -->
+ <module>
+ <type xmlns:authz="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">authz:aaa-authz-service</type>
+ <name>aaa-authz-service</name>
+
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>dom-broker</name>
+ </dom-broker>
+
+ <data-broker>
+ <type xmlns:binding="urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding">binding:binding-data-broker</type>
+ <name>binding-data-broker</name>
+ </data-broker>
+
+
+ </module>
+ </modules>
+
+ <services xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
+ <service>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <instance>
+ <name>authz-connector-default</name>
+ <provider>
+ /modules/module[type='aaa-authz-service'][name='aaa-authz-service']
+ </provider>
+ </instance>
+ </service>
+ </services>
+
+ </data>
+
+
+ </configuration>
+ <required-capabilities>
+ <capability>urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv?module=aaa-authz-service-impl&revision=2014-07-01</capability>
+ </required-capabilities>
+
+</snapshot>
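Review bot: the `<capability>` value at the end of the file shows a bare `&` before `revision=2014-07-01`; inside an XML element it has to be written `&amp;`, otherwise the snapshot is not well-formed. The copyright header says 2013 where the other new files say 2014. A short comment on the `<service>` block would also help auditing: the module consumes the real broker under the name `dom-broker` and re-exports itself as `authz-connector-default`, so any module that still references `dom-broker` does not pass through the AuthZ broker.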
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+
+This program and the accompanying materials are made available under the
+terms of the Eclipse Public License v1.0 which accompanies this distribution,
+and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+<snapshot>
+ <configuration>
+ <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
+ <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
+
+ <module>
+ <type xmlns:rest="urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector">rest:rest-connector-impl</type>
+ <name>rest-connector-default-impl</name>
+ <websocket-port>8185</websocket-port>
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>authz-connector-default</name>
+ </dom-broker>
+ </module>
+ </modules>
+
+ <services xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
+ <service>
+ <type xmlns:rest="urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector">rest:rest-connector</type>
+ <instance>
+ <name>rest-connector-default</name>
+ <provider>
+ /modules/module[type='rest-connector-impl'][name='rest-connector-default-impl']
+ </provider>
+ </instance>
+ </service>
+ </services>
+
+ </data>
+ </configuration>
+ <required-capabilities>
+ <capability>urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector?module=opendaylight-rest-connector&revision=2014-07-24</capability>
+ </required-capabilities>
+</snapshot>
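Review bot: nothing in this file says that it is meant to take the place of the stock 10-rest-connector.xml, yet the README requires the user to delete that stock file by hand before this one takes effect. Add a header comment naming the file it supersedes and the one intended difference, the `<name>authz-connector-default</name>` reference under `<dom-broker>`. Please also confirm that `<websocket-port>8185</websocket-port>` is meant to be fixed here rather than taken from the stock configuration. As in the service snapshot, the `&` in the `<capability>` value needs to be `&amp;`.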
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>aaa-authz</artifactId>
+ <groupId>org.opendaylight.aaa</groupId>
+ <version>0.1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>authz-restconf-connector-config</artifactId>
+
+ <description>AuthZ Restconf Connector Configuration file </description>
+ <packaging>jar</packaging>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-artifacts</id>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <phase>package</phase>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>${project.build.directory}/classes/initial/${config.restconf.configfile}</file>
+ <type>xml</type>
+ <classifier>config</classifier>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
\ No newline at end of file
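Review bot: the `<build>` section is a copy of the one in the authz-service-config pom with only the property name changed to `${config.restconf.configfile}`; moving the build-helper-maven-plugin execution into the aaa-authz parent would leave one place to maintain. That property is not defined in the visible lines either.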
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+
+This program and the accompanying materials are made available under the
+terms of the Eclipse Public License v1.0 which accompanies this distribution,
+and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+<snapshot>
+ <configuration>
+ <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
+ <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
+
+ <module>
+ <type xmlns:rest="urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector">rest:rest-connector-impl</type>
+ <name>rest-connector-default-impl</name>
+ <websocket-port>8185</websocket-port>
+ <dom-broker>
+ <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
+ <name>authz-connector-default</name>
+ </dom-broker>
+ </module>
+ </modules>
+
+ <services xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
+ <service>
+ <type xmlns:rest="urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector">rest:rest-connector</type>
+ <instance>
+ <name>rest-connector-default</name>
+ <provider>
+ /modules/module[type='rest-connector-impl'][name='rest-connector-default-impl']
+ </provider>
+ </instance>
+ </service>
+ </services>
+
+ </data>
+ </configuration>
+ <required-capabilities>
+ <capability>urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector?module=opendaylight-rest-connector&revision=2014-07-24</capability>
+ </required-capabilities>
+</snapshot>
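Review bot: this snapshot is line for line the same as the rest connector configuration added earlier in this patch (same `rest-connector-default-impl` module, same service instance, same `authz-connector-default` broker reference). If both copies are needed, say why in a header comment; otherwise keep one so the two cannot drift apart.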
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ ~
+ ~ This program and the accompanying materials are made available under the
+ ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ ~ and is available at http://www.eclipse.org/legal/epl-v10.html
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>aaa-authz</artifactId>
+ <groupId>org.opendaylight.aaa</groupId>
+ <version>0.1.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>aaa-authz-service</artifactId>
+ <packaging>bundle</packaging>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>sal-binding-util</artifactId>
+ <version>1.1-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>sal-common-util</artifactId>
+ <version>1.1-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.yangtools</groupId>
+ <artifactId>yang-data-api</artifactId>
+ <version>${yang.codegen.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.7</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>sal-binding-api</artifactId>
+ <version>1.1-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>config-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>sal-binding-config</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-authz-model</artifactId>
+ <version>0.1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-authn-api</artifactId>
+ <version>0.1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>sal-core-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>jaxrs-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+<!-- Test dependencies -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-simple</artifactId>
+ <version>1.7.7</version>
+ <scope>test</scope>
+ </dependency>
+
+</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>2.3.6</version>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ <!-- <Bundle-Activator>org.opendaylight.aaa.authz.srv.AuthzProvider</Bundle-Activator> -->
+ <Export-Package>org.opendaylight.aaa.config.yang.aaa_srv,</Export-Package>
+ </instructions>
+ </configuration>
+ <!-- <configuration> <Export-Package> </Export-Package> </configuration> -->
+ </plugin>
+ <plugin>
+ <groupId>org.opendaylight.yangtools</groupId>
+ <artifactId>yang-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>config</id>
+ <goals><goal>generate-sources</goal></goals>
+ <configuration>
+ <codeGenerators>
+ <generator>
+ <codeGeneratorClass>
+ org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
+ </codeGeneratorClass>
+ <outputBaseDir>${jmxGeneratorPath}</outputBaseDir>
+ <additionalConfiguration>
+ <namespaceToPackage1>
+ urn:opendaylight:params:xml:ns:yang:controller==org.opendaylight.controller.config.yang
+ </namespaceToPackage1>
+ </additionalConfiguration>
+ </generator>
+ <generator>
+ <codeGeneratorClass>org.opendaylight.yangtools.maven.sal.api.gen.plugin.CodeGeneratorImpl</codeGeneratorClass>
+ <outputBaseDir>${salGeneratorPath}</outputBaseDir>
+ </generator>
+ </codeGenerators>
+ <inspectDependencies>true</inspectDependencies>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>yang-jmx-generator-plugin</artifactId>
+ <version>${config.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.yangtools</groupId>
+ <artifactId>maven-sal-api-gen-plugin</artifactId>
+ <version>${yangtools.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
\ No newline at end of file
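Review bot: `<Export-Package>org.opendaylight.aaa.config.yang.aaa_srv,</Export-Package>` ends with a trailing comma, which reads like a truncated package list; drop the comma or add the package that was meant to follow. The commented-out `<Bundle-Activator>` and `<configuration>` lines should be removed before merge. Several controller dependencies pin `1.1-SNAPSHOT` and commons-codec pins `1.7`, while config-api, sal-binding-config and sal-core-api carry no version, so versions are managed in two places; prefer the managed versions throughout.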
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
+import org.opendaylight.controller.sal.core.api.Broker;
+import org.opendaylight.controller.sal.core.api.Consumer;
+import org.opendaylight.controller.sal.core.api.Provider;
+import org.osgi.framework.BundleContext;
+
+import java.util.Collection;
+
+/**
+ * Created by wdec on 26/08/2014.
+ */
+public class AuthzBrokerImpl implements Broker, AutoCloseable, Provider {
+
+ private Broker broker;
+ private ProviderSession providerSession;
+ private AuthenticationService authenticationService;
+
+ public void setBroker(Broker broker) {
+ this.broker = broker;
+ }
+
+ @Override
+ public void close() throws Exception {
+
+ }
+// Implements AuthzBroker handling of registering consumers or providers.
+ @Override
+ public ConsumerSession registerConsumer(Consumer consumer) {
+
+ ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer));
+ AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession, this);
+ consumer.onSessionInitiated(authzConsumerContext);
+ return authzConsumerContext;
+ }
+
+ @Override
+ public ConsumerSession registerConsumer(Consumer consumer, BundleContext bundleContext) {
+
+ ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer), bundleContext);
+ AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession, this);
+ consumer.onSessionInitiated(authzConsumerContext);
+ return authzConsumerContext;
+ }
+
+ @Override
+ public ProviderSession registerProvider(Provider provider) {
+
+ ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider));
+ AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession, this);
+ provider.onSessionInitiated(authzProviderContext);
+ return authzProviderContext;
+ }
+
+ @Override
+ public ProviderSession registerProvider(Provider provider, BundleContext bundleContext) {
+
+ // Allow the real broker to do its thing, while providing a wrapped callback
+ ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider), bundleContext);
+
+ // Create Authz ProviderContext
+ AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession, this);
+
+ // Run onsessionInitiated on injected provider with the AuthZ provider context.
+ provider.onSessionInitiated(authzProviderContext);
+ return authzProviderContext;
+
+ }
+
+ //Handle the AuthZBroker registration with the real broker
+ @Override
+ public void onSessionInitiated(ProviderSession providerSession) {
+
+ //Get now the real DOMDataBroker and register it with the AuthzDOMBroker together with the provider session
+ final DOMDataBroker domDataBroker = providerSession.getService(DOMDataBroker.class);
+ AuthzDomDataBroker.getInstance().setProviderSession(providerSession);
+ AuthzDomDataBroker.getInstance().setDomDataBroker(domDataBroker);
+
+ }
+
+ @Override
+ public Collection<ProviderFunctionality> getProviderFunctionality() {
+ return null;
+ }
+
+ public void setAuthenticationService(AuthenticationService authenticationService) {
+ this.authenticationService = authenticationService;
+ }
+
+ //Wrapper for Provider
+
+ public static class ProviderWrapper implements Provider{
+ private final Provider provider;
+
+
+ public ProviderWrapper(Provider provider) {
+ this.provider = provider;
+ }
+
+ @Override
+ public void onSessionInitiated(ProviderSession providerSession) {
+ //Do a Noop when the real broker calls back
+ }
+
+ @Override
+ public Collection<ProviderFunctionality> getProviderFunctionality() {
+ //Allow the RestconfImpl to respond to this
+ return provider.getProviderFunctionality();
+ }
+ }
+
+ //Wrapper for Consumer
+ public static class ConsumerWrapper implements Consumer {
+
+ private final Consumer consumer;
+
+ public ConsumerWrapper(Consumer consumer) {
+ this.consumer = consumer;
+ }
+
+ @Override
+ public void onSessionInitiated(ConsumerSession consumerSession) {
+ //Do a Noop when the real broker calls back
+ }
+
+ @Override
+ public Collection<ConsumerFunctionality> getConsumerFunctionality() {
+ return consumer.getConsumerFunctionality();
+ }
+ }
+}
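Review bot: `setAuthenticationService` stores the service in a field that nothing in this class reads, and it is never handed to `AuthzDomDataBroker.setAuthService`, so the data broker wrapper has no authentication context to evaluate a policy against. The `providerSession` field is likewise never assigned, because the `onSessionInitiated` parameter of the same name shadows it. `getProviderFunctionality()` returns null where an empty collection would be safer for callers that iterate it, `close()` is empty, and the four register methods dereference `broker` without checking that `setBroker` has been called.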
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
+import org.opendaylight.controller.sal.core.api.Broker;
+import org.opendaylight.controller.sal.core.api.BrokerService;
+import org.opendaylight.yangtools.yang.common.QName;
+import org.opendaylight.yangtools.yang.common.RpcResult;
+import org.opendaylight.yangtools.yang.data.api.CompositeNode;
+
+import java.util.concurrent.Future;
+
+/**
+ * Created by wdec on 28/08/2014.
+ */
+public class AuthzConsumerContextImpl implements Broker.ConsumerSession {
+
+ private final Broker.ConsumerSession realSession;
+
+ public AuthzConsumerContextImpl(Broker.ConsumerSession realSession, AuthzBrokerImpl authzBroker) {
+ this.realSession = realSession;
+ }
+
+
+ @Override
+ public Future<RpcResult<CompositeNode>> rpc(QName qName, CompositeNode compositeNode) {
+ return realSession.rpc(qName, compositeNode);
+ }
+
+ @Override
+ public boolean isClosed() {
+ return realSession.isClosed();
+ }
+
+ @Override
+ public <T extends BrokerService> T getService(Class<T> tClass) {
+ T t;
+ //Check for class and return Authz broker only for DOMBroker
+ if (tClass == DOMDataBroker.class) {
+ t = (T) AuthzDomDataBroker.getInstance();
+ }
+ else {
+ t = realSession.getService(tClass);
+ }
+ // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
+ return t;
+ }
+
+ @Override
+ public void close() {
+ realSession.close();
+ }
+}
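Review bot: `rpc()` passes the call straight to `realSession.rpc(qName, compositeNode)` with no policy check, although the README lists RPC resources such as /operations/example-ops:reboot as authorizable; add the check, or at least a TODO matching the transaction classes so the gap is visible. The `authzBroker` constructor argument is unused, the `(T)` cast in `getService` is unchecked (`tClass.cast(...)` avoids that), and the commented-out `setDomDataBroker` line can be removed.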
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import com.google.common.base.Optional;
+import com.google.common.util.concurrent.CheckedFuture;
+import com.google.common.util.concurrent.ListenableFuture;
+import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
+import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
+import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
+import org.opendaylight.yangtools.yang.common.RpcResult;
+import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
+import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
+
+/**
+ * Created by wdec on 26/08/2014.
+ */
+public class AuthzDataReadWriteTransaction implements DOMDataReadWriteTransaction {
+
+ private final DOMDataReadWriteTransaction domDataReadWriteTransaction;
+
+ public AuthzDataReadWriteTransaction(DOMDataReadWriteTransaction domDataReadWriteTransaction) {
+ this.domDataReadWriteTransaction = domDataReadWriteTransaction;
+ }
+
+
+ @Override
+ public boolean cancel() {
+ return domDataReadWriteTransaction.cancel();
+ }
+
+ @Override
+ public void delete(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
+ //TODO: Do AuthZ check here.
+ domDataReadWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
+ }
+
+ @Override
+ public CheckedFuture<Void, TransactionCommitFailedException> submit() {
+ //TODO: Do AuthZ check here.
+ return domDataReadWriteTransaction.submit();
+ }
+
+ @Override
+ public ListenableFuture<RpcResult<TransactionStatus>> commit() {
+ //TODO: Do AuthZ check here.
+ return domDataReadWriteTransaction.commit();
+ }
+
+ @Override
+ public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
+ //TODO: Do AuthZ check here.
+ return domDataReadWriteTransaction.read(logicalDatastoreType, yangInstanceIdentifier);
+ }
+
+ @Override
+ public CheckedFuture<Boolean, ReadFailedException> exists(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
+ //TODO: Do AuthZ check here.
+ return domDataReadWriteTransaction.exists(logicalDatastoreType, yangInstanceIdentifier);
+ }
+
+ @Override
+ public void put(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
+ //TODO: Do AuthZ check here?
+ domDataReadWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier, normalizedNode);
+ }
+
+ @Override
+ public void merge(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
+ //TODO: Do AuthZ check here?
+ domDataReadWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier, normalizedNode);
+ }
+
+ @Override
+ public Object getIdentifier() {
+ //TODO: Do AuthZ check here.
+ return domDataReadWriteTransaction.getIdentifier();
+ }
+}
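Review bot: every data operation here (`delete`, `submit`, `commit`, `read`, `exists`, `put`, `merge`) is a TODO followed by a direct delegate call, so once the connector is switched to `authz-connector-default` as the README instructs, requests still pass through unchecked. Until the policy engine is wired in, either fail closed or state in the README and in the class Javadoc that enforcement is not yet active. The TODO on `getIdentifier()` looks copied in by mistake, and the "Created by" Javadoc should describe what the class does.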
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.controller.md.sal.common.api.data.TransactionChainListener;
+import org.opendaylight.controller.md.sal.dom.api.*;
+import org.opendaylight.controller.sal.core.api.Broker;
+import org.opendaylight.controller.sal.core.api.BrokerService;
+import org.opendaylight.yangtools.concepts.ListenerRegistration;
+import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
+
+/**
+ * Created by wdec on 26/08/2014.
+ */
+public class AuthzDomDataBroker implements BrokerService, DOMDataBroker {
+
+ private DOMDataBroker domDataBroker;
+ private Broker.ProviderSession providerSession;
+
+ private volatile AuthenticationService authService;
+
+ final static AuthzDomDataBroker INSTANCE = new AuthzDomDataBroker();
+
+ public static AuthzDomDataBroker getInstance() {
+ return INSTANCE;
+ }
+
+ public void setDomDataBroker(DOMDataBroker domDataBroker) {
+ this.domDataBroker = domDataBroker;
+ }
+
+ public void setProviderSession(Broker.ProviderSession providerSession) {
+ this.providerSession = providerSession;
+ }
+
+ public void setAuthService(AuthenticationService authService) {
+ this.authService = authService;
+ }
+
+ @Override
+ public DOMDataReadOnlyTransaction newReadOnlyTransaction() {
+ // new Authz transaction + inject real DOM Transaction
+ DOMDataReadOnlyTransaction ro = domDataBroker.newReadOnlyTransaction();
+
+ // return domDataBroker.newReadOnlyTransaction(); //Return original
+ return new AuthzReadOnlyTransaction(ro);
+ }
+
+ @Override
+ public DOMDataReadWriteTransaction newReadWriteTransaction() {
+ // return new Authz transaction + inject real DOM Transaction
+ DOMDataReadWriteTransaction rw = domDataBroker.newReadWriteTransaction();
+ return new AuthzDataReadWriteTransaction(rw);
+ }
+
+ @Override
+ public DOMDataWriteTransaction newWriteOnlyTransaction() {
+ DOMDataWriteTransaction wo = domDataBroker.newWriteOnlyTransaction();
+ return new AuthzWriteOnlyTransaction(wo);
+ }
+
+ @Override
+ public ListenerRegistration<DOMDataChangeListener> registerDataChangeListener(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier, DOMDataChangeListener domDataChangeListener, DataChangeScope dataChangeScope) {
+ return domDataBroker.registerDataChangeListener(logicalDatastoreType, yangInstanceIdentifier, domDataChangeListener, dataChangeScope);
+ }
+
+ @Override
+ public DOMTransactionChain createTransactionChain(TransactionChainListener transactionChainListener) {
+ return domDataBroker.createTransactionChain(transactionChainListener);
+ }
+}
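Review bot: `createTransactionChain` and `registerDataChangeListener` return objects from the real `domDataBroker`, so transactions opened through a chain are not wrapped in the Authz transaction classes and would skip any check added there later; wrap the chain or mark it with a TODO. `domDataBroker` and `providerSession` are plain mutable fields on a static singleton while `authService` is volatile, and the three `new...Transaction` methods will throw a NullPointerException if called before `setDomDataBroker`. `authService` is never read in this class, and the wildcard import and the commented-out return should be cleaned up.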
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
+import org.opendaylight.controller.sal.core.api.Broker;
+import org.opendaylight.controller.sal.core.api.BrokerService;
+import org.opendaylight.controller.sal.core.api.RpcImplementation;
+import org.opendaylight.controller.sal.core.api.RpcRegistrationListener;
+import org.opendaylight.yangtools.concepts.ListenerRegistration;
+import org.opendaylight.yangtools.yang.common.QName;
+import org.opendaylight.yangtools.yang.common.RpcResult;
+import org.opendaylight.yangtools.yang.data.api.CompositeNode;
+
+import java.util.Set;
+import java.util.concurrent.Future;
+
+/**
+ * Created by wdec on 28/08/2014.
+ */
+public class AuthzProviderContextImpl extends AuthzConsumerContextImpl implements Broker.ProviderSession {
+
+ private final Broker.ProviderSession realSession;
+
+ public AuthzProviderContextImpl(Broker.ProviderSession providerSession, AuthzBrokerImpl authzBroker) {
+ super(null, authzBroker);
+ this.realSession = providerSession;
+ }
+ @Override
+ public Broker.RpcRegistration addRpcImplementation(QName qName, RpcImplementation rpcImplementation) throws IllegalArgumentException {
+ return realSession.addRpcImplementation(qName, rpcImplementation);
+ }
+
+ @Override
+ public Broker.RoutedRpcRegistration addRoutedRpcImplementation(QName qName, RpcImplementation rpcImplementation) {
+ return realSession.addRoutedRpcImplementation(qName, rpcImplementation);
+ }
+
+ @Override
+ public Broker.RoutedRpcRegistration addMountedRpcImplementation(QName qName, RpcImplementation rpcImplementation) {
+ return realSession.addMountedRpcImplementation(qName, rpcImplementation);
+ }
+
+ @Override
+ public void close() {
+ realSession.close();
+
+ }
+
+ @Override
+ public Future<RpcResult<CompositeNode>> rpc(QName qName, CompositeNode compositeNode) {
+ return realSession.rpc(qName, compositeNode);
+ }
+
+ @Override
+ public boolean isClosed() {
+ return realSession.isClosed();
+ }
+
+ @Override
+ public <T extends BrokerService> T getService(Class<T> tClass) {
+ T t;
+ //Check for class and return Authz broker only for DOMBroker
+ if (tClass == DOMDataBroker.class) {
+ t = (T) AuthzDomDataBroker.getInstance();
+ }
+ else {
+ t = realSession.getService(tClass);
+ }
+ // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
+ return t;
+ }
+
+ @Override
+ public Set<QName> getSupportedRpcs() {
+ return realSession.getSupportedRpcs();
+ }
+
+ @Override
+ public ListenerRegistration<RpcRegistrationListener> addRpcRegistrationListener(RpcRegistrationListener rpcRegistrationListener) {
+ return realSession.addRpcRegistrationListener(rpcRegistrationListener);
+ }
+}
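Review bot: getService() returns AuthzDomDataBroker.getInstance() for DOMDataBroker without asking realSession for its broker, and the only line that would hand a real broker to the singleton (setDomDataBroker) is commented out just before the return. Nothing in this class shows the singleton being wired to a backing broker before it is handed out, so either set it here or document where that happens, and delete the commented-out line. The comparison tClass == DOMDataBroker.class also means a caller asking for a subtype gets the unwrapped service from realSession; say in the comment whether that is intended. Separately, the constructor passes null to super(...) as the consumer session, so any inherited method that touches it would fail, and rpc() is forwarded with no authorization decision, which deserves a line of Javadoc if it is deliberate.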
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import com.google.common.base.Optional;
+import com.google.common.util.concurrent.CheckedFuture;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
+import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
+import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
+import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
+
+/**
+ * Created by wdec on 28/08/2014.
+ */
+
+public class AuthzReadOnlyTransaction implements DOMDataReadOnlyTransaction {
+
+ private final DOMDataReadOnlyTransaction ro;
+ public AuthzReadOnlyTransaction(DOMDataReadOnlyTransaction ro) {
+ this.ro = ro;
+ }
+
+ @Override
+ public void close() {
+ ro.close();
+ }
+
+ @Override
+ public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
+ //TODO: Do AuthZ check here.
+ return ro.read(logicalDatastoreType, yangInstanceIdentifier);
+ }
+
+ @Override
+ public CheckedFuture<Boolean, ReadFailedException> exists(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
+ //TODO: Do AuthZ check here.
+ return ro.exists(logicalDatastoreType, yangInstanceIdentifier);
+ }
+
+ @Override
+ public Object getIdentifier() {
+ //TODO: Do AuthZ check here.
+ return ro.getIdentifier();
+ }
+}
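Review bot: read() and exists() carry only "//TODO: Do AuthZ check here." and then delegate straight to ro, so this wrapper currently authorizes every read. Since the feature wires this class into the RESTCONF path, a placeholder that fails open is easy to mistake for enforcement; until the policy lookup exists, consider either rejecting with a ReadFailedException or logging at warn level that the check is not implemented, and state the current behaviour in the class Javadoc (the "Created by wdec" comment says nothing about it). The TODO on getIdentifier() looks unnecessary, as that call takes no path or datastore to authorize against.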
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import com.google.common.util.concurrent.CheckedFuture;
+import com.google.common.util.concurrent.ListenableFuture;
+import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
+import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
+import org.opendaylight.yangtools.yang.common.RpcResult;
+import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
+import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
+
+/**
+ * Created by wdec on 02/09/2014.
+ */
+public class AuthzWriteOnlyTransaction implements DOMDataWriteTransaction {
+
+ private final DOMDataWriteTransaction domDataWriteTransaction;
+
+ public AuthzWriteOnlyTransaction(DOMDataWriteTransaction wo) {
+ this.domDataWriteTransaction = wo;
+ }
+
+ @Override
+ public void put(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
+ //TODO: Do AuthZ check here.
+ domDataWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier, normalizedNode);
+ }
+
+ @Override
+ public void merge(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
+ //TODO: Do AuthZ check here.
+ domDataWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier, normalizedNode);
+ }
+
+ @Override
+ public boolean cancel() {
+ return domDataWriteTransaction.cancel();
+ }
+
+ @Override
+ public void delete(LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
+ //TODO: Do AuthZ check here.
+ domDataWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
+
+ }
+
+ @Override
+ public CheckedFuture<Void, TransactionCommitFailedException> submit() {
+ //TODO: Do AuthZ check here.
+ return domDataWriteTransaction.submit();
+ }
+
+ @Override
+ public ListenableFuture<RpcResult<TransactionStatus>> commit() {
+ //TODO: Do AuthZ check here.
+ return domDataWriteTransaction.commit();
+ }
+
+ @Override
+ public Object getIdentifier() {
+ //TODO: Do AuthZ check here.
+ return domDataWriteTransaction.getIdentifier();
+ }
+}
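Review bot: put(), merge() and delete() are the only methods here that receive the LogicalDatastoreType and YangInstanceIdentifier an authorization decision needs, yet all three just delegate after a TODO, so every write is currently allowed. The same TODO is pasted on submit(), commit() and getIdentifier(), which take no path; if the intent is to decide per operation, drop the TODO from those three, and if the intent is to decide once at submit(), the wrapper has to record the paths touched by put/merge/delete first. Please pick one and note it in the class Javadoc. Also, the class is named AuthzWriteOnlyTransaction but implements DOMDataWriteTransaction; a short comment on the naming would help readers match it to the broker API.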
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.controller.config.yang.config.aaa_authz.srv;
+
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.aaa.authz.srv.AuthzBrokerImpl;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AuthzSrvModule extends org.opendaylight.controller.config.yang.config.aaa_authz.srv.AbstractAuthzSrvModule {
+ private static final Logger log = LoggerFactory.getLogger(AuthzSrvModule.class);
+ private static boolean simple_config_switch;
+ private BundleContext bundleContext;
+
+ public AuthzSrvModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) {
+ super(identifier, dependencyResolver);
+ }
+
+ public AuthzSrvModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver, org.opendaylight.controller.config.yang.config.aaa_authz.srv.AuthzSrvModule oldModule, java.lang.AutoCloseable oldInstance) {
+ super(identifier, dependencyResolver, oldModule, oldInstance);
+ }
+
+ @Override
+ public void customValidation() {
+ // add custom validation form module attributes here.
+ }
+
+
+ @Override
+ public java.lang.AutoCloseable createInstance() {
+
+ //Get new AuthZ Broker
+ final AuthzBrokerImpl authzBrokerImpl = new AuthzBrokerImpl();
+
+ //Provide real broker to the new Authz broker
+ authzBrokerImpl.setBroker(getDomBrokerDependency());
+
+ //Get AuthN service reference and register it with the authzBroker
+ ServiceReference<AuthenticationService> authServiceReference = bundleContext.getServiceReference(AuthenticationService.class);
+ AuthenticationService as = bundleContext.getService(authServiceReference);
+ authzBrokerImpl.setAuthenticationService(as);
+
+ // Register AuthZ broker with the real Broker as a provider; triggers "onSessionInitiated" in AuthzBrokerImpl
+ getDomBrokerDependency().registerProvider(authzBrokerImpl);
+ getAction();
+
+
+ log.info("AuthZ Service Initialized from Config subsystem");
+ return authzBrokerImpl;
+
+
+ }
+
+ public void setBundleContext(BundleContext bundleContext) {
+ this.bundleContext = bundleContext;
+ }
+}
+
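Review bot: createInstance() dereferences the result of bundleContext.getServiceReference(AuthenticationService.class) without a null check, and bundleContext itself is only set if the factory called setBundleContext(). If the AuthN service is not registered when this module is instantiated, the failure is a NullPointerException out of the config subsystem rather than a clear error; check both for null and fail with a message that names the missing AuthenticationService. The service obtained via getService() is also never released when the instance is closed. Two smaller points: the return value of getAction() is discarded, so the configured action has no effect here, and the static field simple_config_switch is declared but never used in this file.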
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+/*
+* Generated file
+*
+* Generated from: yang module name: aaa-authz-service-impl yang module local name: aaa-authz-service
+* Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
+* Generated at: Thu Jul 24 11:19:40 CEST 2014
+*
+* Do not modify this file unless it is present under src/main directory
+*/
+package org.opendaylight.controller.config.yang.config.aaa_authz.srv;
+
+import org.opendaylight.controller.config.api.DependencyResolver;
+import org.opendaylight.controller.config.api.DynamicMBeanWithInstance;
+import org.opendaylight.controller.config.spi.Module;
+import org.osgi.framework.BundleContext;
+
+public class AuthzSrvModuleFactory extends org.opendaylight.controller.config.yang.config.aaa_authz.srv.AbstractAuthzSrvModuleFactory {
+
+ @Override
+ public org.opendaylight.controller.config.spi.Module createModule(String instanceName, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver, org.osgi.framework.BundleContext bundleContext) {
+
+ final AuthzSrvModule module = (AuthzSrvModule) super.createModule(instanceName, dependencyResolver, bundleContext);
+
+ module.setBundleContext(bundleContext);
+
+ return module;
+
+ }
+
+ @Override
+ public Module createModule(final String instanceName, final DependencyResolver dependencyResolver,
+ final DynamicMBeanWithInstance old, final BundleContext bundleContext) throws Exception {
+ final AuthzSrvModule module = (AuthzSrvModule) super.createModule(instanceName, dependencyResolver,
+ old, bundleContext);
+
+ module.setBundleContext(bundleContext);
+
+ return module;
+ }
+}
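Review bot: the header still says "Generated file" with a generation timestamp, but both createModule() overloads are hand-written to inject the BundleContext; add a sentence of Javadoc saying why the override exists (AuthzSrvModule needs the context to look up AuthenticationService) so a later regeneration does not silently drop it. As a style point, the first overload spells out org.opendaylight.controller.config.spi.Module, DependencyResolver and BundleContext in full even though all three are imported and the second overload uses the short names.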
--- /dev/null
+module aaa-authz-service-impl {
+
+ yang-version 1;
+ namespace "urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv";
+ prefix "aaa-authz-srv-impl";
+
+ import config { prefix config; revision-date 2013-04-05; }
+ import rpc-context { prefix rpcx; revision-date 2013-06-17; }
+ import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; }
+ import opendaylight-md-sal-dom {prefix dom;}
+ import authorization-schema { prefix authzs; revision-date 2014-07-22; }
+ import ietf-inet-types {prefix inet; revision-date 2010-09-24;}
+
+ description
+ "This module contains the base YANG definitions for
+ AuthZ implementation.";
+
+ revision "2014-07-01" {
+ description
+ "Initial revision.";
+ }
+
+
+ // This is the definition of the service implementation as a module identity.
+ identity aaa-authz-service {
+ base config:module-type;
+ // Specifies the prefix for generated java classes.
+ config:java-name-prefix AuthzSrv;
+ config:provided-service dom:dom-broker-osgi-registry;
+ }
+
+ // Augments the 'configuration' choice node under modules/module.
+
+ augment "/config:modules/config:module/config:configuration" {
+ case aaa-authz-service {
+ when "/config:modules/config:module/config:type = 'aaa-authz-service'";
+
+//Defines reference to the intended broker under the AuthZ broker
+
+ container dom-broker {
+ uses config:service-ref {
+ refine type {
+ mandatory true;
+ config:required-identity dom:dom-broker-osgi-registry;
+ }
+ }
+ }
+
+ container data-broker {
+ uses config:service-ref {
+ refine type {
+ mandatory false;
+ config:required-identity mdsal:binding-data-broker;
+
+ }
+ }
+ }
+
+//Simple Authz data leafs:
+
+ leaf authz-role {
+ type string;
+ }
+
+ leaf service {
+ type authzs:service-type;
+ }
+ leaf action {
+ type authzs:action-type;
+
+ }
+ leaf resource {
+ type authzs:resource-type;
+
+ }
+ leaf role {
+ type authzs:role-type;
+
+ }
+
+
+
+ //TODO: Check why uses below doesn't make the outer list be part of the source name-space in yang code generator.
+ uses authzs:authorization-grp;
+
+ /* The above "uses" statement is effectively and import of the following data structure:
+ list policies {
+ key "service";
+ leaf service {
+ type authzs:service-type;
+ }
+ leaf action {
+ type authzs:action-type;
+
+ }
+ leaf resource {
+ type authzs:resource-type;
+
+ }
+ leaf role {
+ type authzs:role-type;
+
+ }
+ } */
+
+
+ }
+ }
+
+}
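Review bot: the "Simple Authz data leafs" (authz-role, service, action, resource, role) have no description statements, and both authz-role and role are defined without any indication of which one the service consults or how these single leafs relate to the policies list pulled in by "uses authzs:authorization-grp". Since this schema is what an operator edits to grant access, each leaf should say what it matches and what happens when it is absent. The imports of rpc-context (prefix rpcx) and ietf-inet-types (prefix inet) are not referenced anywhere in the module and can be dropped, and the two section comments starting at column 0 ("//Defines reference..." and "//Simple Authz data leafs:") should be indented with the block they describe.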
--- /dev/null
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.authz.srv;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.mockito.Mockito;
+import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
+import org.opendaylight.controller.sal.core.api.Broker;
+import org.opendaylight.controller.sal.core.api.Provider;
+
+public class AuthzConsumerContextImplTest {
+
+ private Broker.ConsumerSession realconsumercontext;
+ private Provider realprovidercontext;
+ private AuthzBrokerImpl authzBroker;
+ private Broker realbroker;
+
+ @Before
+ public void beforeTest () {
+ realconsumercontext = Mockito.mock(Broker.ConsumerSession.class);
+ realprovidercontext = Mockito.mock(Provider.class);
+ realbroker = Mockito.mock(Broker.class);
+ realbroker.registerProvider(realprovidercontext);
+ authzBroker = Mockito.mock(AuthzBrokerImpl.class);
+ }
+
+ @org.junit.Test
+ public void testGetService() throws Exception {
+ AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realconsumercontext, authzBroker);
+
+ Assert.assertEquals("Expected Authz session context", authzConsumerContext.getService(DOMDataBroker.class).getClass(), AuthzDomDataBroker.class );
+ //Assert.assertEquals("Expected Authz session context", authzConsumerContext.getService(SchemaService.class).getClass(), SchemaService.class);
+ }
+}
\ No newline at end of file
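Review bot: testGetService() only asserts that getService(DOMDataBroker.class) returns an AuthzDomDataBroker; the second assertion, which would check that other services pass through to the real session, is commented out, and there is no test in which a request is denied. For an access-control change the negative case is the one that matters, so please add at least one test that expects a rejection once the checks are implemented, and either enable or delete the commented line. In beforeTest(), realbroker.registerProvider(realprovidercontext) is called on a Mockito mock and neither object is used afterwards, so it can be removed. The file is also missing its trailing newline.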
<modules>
<module>aaa-authz-model</module>
-<!-- <module>aaa-authz-service</module> -->
+ <module>aaa-authz-service</module>
+ <module>aaa-authz-config</module>
+ <module>aaa-authz-restconf-config</module>
</modules>
<sal.binding.config.version>1.1-SNAPSHOT</sal.binding.config.version>
<yang.maven.plugin.version>0.6.2-SNAPSHOT</yang.maven.plugin.version>
<yang.codegen.version>0.6.2-SNAPSHOT</yang.codegen.version>
+ <config.authz.service.configfile>08-authz-config.xml</config.authz.service.configfile>
+ <config.restconf.configfile>10-rest-connector.xml</config.restconf.configfile>
<!-- AuthN -->
<ehcache.version>2.8.3</ehcache.version>
<oauth.version>1.0.0</oauth.version>
</parent>
<artifactId>features-aaa</artifactId>
- <groupId>org.opendaylight.aaa</groupId>
<packaging>jar</packaging>
<properties>
<artifactId>aaa-authz-model</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>authz-service-config</artifactId>
+ <version>${project.version}</version>
+ <type>xml</type>
+ <classifier>config</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>features-mdsal</artifactId>
+ <version>${mdsal.version}</version>
+ <classifier>features</classifier>
+ <type>xml</type>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>features-config</artifactId>
+ <version>${config.version}</version>
+ <classifier>features</classifier>
+ <type>xml</type>
+ </dependency>
+
<!-- odl-aaa-authn-plugin -->
<dependency>
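Review bot: the dependency added here is authz-service-config, but features.xml in this same change also installs a configfile from mvn:org.opendaylight.aaa/authz-restconf-connector-config, and no matching dependency for that artifact appears in the lines shown. Without it the reactor has no ordering guarantee between features-aaa and the module that produces that config artifact; add a dependency with type xml and classifier config, the same way authz-service-config is declared. It would also help to note that the new module directories are named aaa-authz-config and aaa-authz-restconf-config while the artifactIds are authz-service-config and authz-restconf-connector-config, since the mismatch makes the mapping hard to follow.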
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://karaf.apache.org/xmlns/features/v1.2.0 http://karaf.apache.org/xmlns/features/v1.2.0">
- <repository>mvn:org.opendaylight.yangtools/features-yangtools/0.6.2-SNAPSHOT/xml/features</repository>
+ <repository>mvn:org.opendaylight.yangtools/features-yangtools/${yangtools.version}/xml/features</repository>
<repository>mvn:org.opendaylight.controller/features-netconf/${netconf.version}/xml/features</repository>
+ <repository>mvn:org.opendaylight.controller/features-mdsal/${mdsal.version}/xml/features</repository>
+ <repository>mvn:org.opendaylight.controller/features-config/${config.version}/xml/features</repository>
<feature name='odl-aaa-all' description='OpenDaylight :: AAA :: All Features'
version='${project.version}'>
<feature version='${yangtools.version}'>odl-yangtools-common</feature>
<feature version='${yangtools.version}'>odl-yangtools-binding</feature>
<feature version='${project.version}'>odl-aaa-authn</feature>
+ <!-- <feature version='${mdsal.version}'>odl-mdsal-common</feature> -->
+ <feature version='${mdsal.version}'>odl-mdsal-broker</feature>
+ <feature version='${config.version}'>odl-config-core</feature>
<bundle>mvn:org.opendaylight.aaa/aaa-authz-model/${project.version}</bundle>
+ <bundle>mvn:org.opendaylight.aaa/aaa-authz-service/${project.version}</bundle>
+ <configfile finalname="${config.configfile.directory}/${config.authz.service.configfile}">mvn:org.opendaylight.aaa/authz-service-config/${project.version}/xml/config</configfile>
+ <configfile finalname="${config.configfile.directory}/${config.restconf.configfile}">mvn:org.opendaylight.aaa/authz-restconf-connector-config/${project.version}/xml/config</configfile>
</feature>
</features>
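Review bot: the second configfile entry resolves to ${config.configfile.directory}/10-rest-connector.xml, the same file name the README tells users to delete by hand before installing odl-aaa-all. Having odl-aaa-all ship a file under another feature's config name makes the result depend on install order and on whether a copy already exists, which is a fragile way to switch RESTCONF onto the AuthZ broker; consider a distinct file name or a separate feature (for example one that is only installed when AuthZ for RESTCONF is wanted) and document the precedence. The commented-out odl-mdsal-common feature line should be removed or explained.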